Penetration testers and security services firms big on leveraging open source tools alongside their full arsenal of security tools will get a boost from the security testing software developed by Core Security Technologies starting in April.
Core announced last week that it will soon offer a full integration of its Core Impact Pro penetration testing software with the popular Metasploit exploit framework. A product of the open source Metasploit Project, the Metasploit Framework has been shepherded by security researcher H.D. Moore since 2003. Designed to offer researchers a more automated tool to develop and execute exploit code against vulnerable systems, Metasploit has since grown to be an invaluable tool for both white hat and black hat hackers intent on compromising targeted machines.
Meanwhile, Core Impact Pro is known throughout the security services channel as one of the most comprehensive commercial automated penetration testing tools on the market. According to Chris Nickerson, CEO of Lares Consulting, the marriage between Impact Pro and Metasploit marks a new era for penetration testers and those with security practices such as his."The most reliable commercial tool blended with the bleeding edge research of the open source community will surely be a hit,” he said.
The new integration will be made available with the next version of Impact Pro, which Core says it expects to deliver through the channel in April. The integrated features will allow security consultants to use the product’s automated penetration testing engine to exploit vulnerabilities and then launch Metasploit’s db-autopwn module in order to add Metasploit test results to Impact Pro’s results. By bringing that Metasploit information into the Impact environment, Core hopes to cut down on the training and expertise necessary to analyze Metasploit reports.
Similarly, users who leverage Metasploit to compromise a system during testing can now deploy a new Impact ProAgent to launch the software’s penetration testing capabilities from the compromised system and use the appliance for in-depth attack replication. The user can then pivot penetration tests to other systems. “By offering professional testers and security staff greater ability to centralize their assessments and incorporate their
Metasploit efforts into their Impact Pro deployments, we feel that we’re providing the market with an expanded opportunity to carry out even more inclusive and valuable penetration tests,” said Fred Pinkett, vice president of product management at Core Security.